From patchwork Sat Jan 13 18:10:03 2018
X-Patchwork-Submitter: Simon Marchi
X-Patchwork-Id: 25388
Delivered-To: mailing list gdb-patches@sourceware.org
From: Simon Marchi
Subject: [PATCH] Remove dwarf2_per_objfile_free and use after free of dwarf2_per_objfile
Date: Sat, 13 Jan 2018 13:10:03 -0500
Message-ID: <1515867003-7567-1-git-send-email-simon.marchi@ericsson.com>

I got some crashes while doing some work with dwarf2_per_objfile. It turns out that dwarf2_per_objfile_free is using the dwarf2_per_objfile objects after their destructor has run. The easiest way to reproduce this is to run the inferior twice (do "start" twice). Currently, it goes unnoticed, but when I tried to change all_comp_units and all_type_units to std::vectors, things started crashing.

The dwarf2_per_objfile objects get destroyed here:

  #0 dwarf2_per_objfile::~dwarf2_per_objfile (this=0x35afe70, __in_chrg=) at /home/emaisin/src/binutils-gdb/gdb/dwarf2read.c:2422
  #1 0x0000000000833282 in dwarf2_free_objfile (objfile=0x356cff0) at /home/emaisin/src/binutils-gdb/gdb/dwarf2read.c:25363
  #2 0x0000000000699255 in elf_symfile_finish (objfile=0x356cff0) at /home/emaisin/src/binutils-gdb/gdb/elfread.c:1309
  #3 0x0000000000911ed3 in objfile::~objfile (this=0x356cff0, __in_chrg=) at /home/emaisin/src/binutils-gdb/gdb/objfiles.c:674

and just after that the dwarf2read per-objfile registry cleanup function gets called:

  #0 dwarf2_per_objfile_free (objfile=0x356cff0, d=0x35afe70) at /home/emaisin/src/binutils-gdb/gdb/dwarf2read.c:25667
  ... registry boilerplate ...
  #4 0x00000000009103ea in objfile_free_data (container=0x356cff0) at /home/emaisin/src/binutils-gdb/gdb/objfiles.c:61
  #5 0x0000000000911ee2 in objfile::~objfile (this=0x356cff0, __in_chrg=) at /home/emaisin/src/binutils-gdb/gdb/objfiles.c:678

In dwarf2_per_objfile_free, we access fields of the dwarf2_per_objfile object, which is invalid since its destructor has been executed.

This patch moves the content of dwarf2_per_objfile_free to the destructor of dwarf2_per_objfile. The call to register_objfile_data_with_cleanup in _initialize_dwarf2_read can be changed to the simpler register_objfile_data.

gdb/ChangeLog:

	* dwarf2read.c (free_dwo_files): Add forward-declaration.
	(dwarf2_per_objfile::~dwarf2_per_objfile): Move content from
	dwarf2_per_objfile_free here.
	(dwarf2_per_objfile_free): Remove.
	(_initialize_dwarf2_read): Don't register
	dwarf2_per_objfile_free as a registry cleanup.
--- gdb/dwarf2read.c | 57 ++++++++++++++++++++++++--------------------------------- 1 file changed, 24 insertions(+), 33 deletions(-) diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c index dca2fe9..8a43b8d 100644 --- a/gdb/dwarf2read.c +++ b/gdb/dwarf2read.c @@ -2416,6 +2416,8 @@ dwarf2_per_objfile::dwarf2_per_objfile (struct objfile *objfile_, locate_sections (obfd, sec, *names); } +static void free_dwo_files (htab_t dwo_files, struct objfile *objfile); + dwarf2_per_objfile::~dwarf2_per_objfile () { /* Cached DIE trees use xmalloc and the comp_unit_obstack. */ 
@@ -2427,6 +2429,27 @@ dwarf2_per_objfile::~dwarf2_per_objfile () if (line_header_hash) htab_delete (line_header_hash); + for (int ix = 0; ix < n_comp_units; ++ix) + VEC_free (dwarf2_per_cu_ptr, all_comp_units[ix]->imported_symtabs); + + for (int ix = 0; ix < n_type_units; ++ix) + VEC_free (dwarf2_per_cu_ptr, + all_type_units[ix]->per_cu.imported_symtabs); + xfree (all_type_units); + + VEC_free (dwarf2_section_info_def, types); + + if (dwo_files) + free_dwo_files (dwo_files, objfile); + if (dwp_file) + gdb_bfd_unref (dwp_file->dbfd); + + if (dwz_file && dwz_file->dwz_bfd) + gdb_bfd_unref (dwz_file->dwz_bfd); + + if (index_table != NULL) + index_table->~mapped_index (); + /* Everything else should be on the objfile obstack. */ } @@ -25659,37 +25682,6 @@ show_dwarf_cmd (const char *args, int from_tty) cmd_show_list (show_dwarf_cmdlist, from_tty, ""); } -/* Free data associated with OBJFILE, if necessary. */ - -static void -dwarf2_per_objfile_free (struct objfile *objfile, void *d) -{ - struct dwarf2_per_objfile *data = (struct dwarf2_per_objfile *) d; - int ix; - - for (ix = 0; ix < data->n_comp_units; ++ix) - VEC_free (dwarf2_per_cu_ptr, data->all_comp_units[ix]->imported_symtabs); - - for (ix = 0; ix < data->n_type_units; ++ix) - VEC_free (dwarf2_per_cu_ptr, - data->all_type_units[ix]->per_cu.imported_symtabs); - xfree (data->all_type_units); - - VEC_free (dwarf2_section_info_def, data->types); - - if (data->dwo_files) - free_dwo_files (data->dwo_files, objfile); - if (data->dwp_file) - gdb_bfd_unref (data->dwp_file->dbfd); - - if (data->dwz_file && data->dwz_file->dwz_bfd) - gdb_bfd_unref (data->dwz_file->dwz_bfd); - - if (data->index_table != NULL) - data->index_table->~mapped_index (); -} - - /* The "save gdb-index" command. */ /* Write SIZE bytes from the buffer pointed to by DATA to FILE, with 
@@ -27321,8 +27313,7 @@ _initialize_dwarf2_read (void) { struct cmd_list_element *c; - dwarf2_objfile_data_key - = register_objfile_data_with_cleanup (NULL, dwarf2_per_objfile_free); + dwarf2_objfile_data_key = register_objfile_data (); add_prefix_cmd ("dwarf", class_maintenance, set_dwarf_cmd, _("\ Set DWARF specific variables.\n\
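
Review bot: the prototype `static void free_dwo_files (htab_t dwo_files, struct objfile *objfile);` added in the @@ -2416 hunk sits in the middle of the file, wedged between the constructor and the destructor, with no comment. If the file groups its static prototypes elsewhere, move it there; otherwise add a one-line comment saying it is declared here only because the destructor now calls it ahead of its definition.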
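
Review bot: in the @@ -2427 hunk, `index_table->~mapped_index ();` invokes a destructor by hand with no explanation, and the two BFD releases are guarded differently: `dwp_file->dbfd` is passed to gdb_bfd_unref unchecked while `dwz_file->dwz_bfd` is tested for NULL first. Add a comment stating why index_table is destroyed explicitly rather than deleted (the closing comment suggests its storage is on the objfile obstack), and either make the two gdb_bfd_unref guards consistent or note why they differ, since this code is now part of the destructor and is the natural place to tidy it.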
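
Review bot: with the cleanup callback dropped in the @@ -27321 hunk (`register_objfile_data ()` in place of `register_objfile_data_with_cleanup (NULL, dwarf2_per_objfile_free)`), the frees run only when ~dwarf2_per_objfile is invoked, and the only path to it shown in the commit message is dwarf2_free_objfile called from elf_symfile_finish. Please confirm that every symbol reader that creates a dwarf2_per_objfile also reaches dwarf2_free_objfile when the objfile is destroyed; one that does not would previously have had these resources released by the registry cleanup and would now leak them. A sentence in the commit message stating this was checked would be enough.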
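
The teardown order described in the commit message, as an added example that is not part of the patch and is not GDB code: a constructed model in which the owner first destroys the per-object data explicitly and then runs registry cleanups. All names (PerObjfileData, teardown, g_live) are hypothetical, and the arena buffer standing in for the obstack is an assumption of the model. A side table of live objects lets the late cleanup detect that its target's lifetime is over without dereferencing it.

```cpp
#include <cstdio>
#include <functional>
#include <new>
#include <set>
#include <utility>
#include <vector>

// Constructed model of the teardown order in the commit message; not GDB code.
// Side table of objects whose lifetime has begun and not yet ended.
static std::set<const void *> g_live;

struct PerObjfileData {
  std::vector<int> units{1, 2, 3};  // stands in for the per-CU resources
  bool fixed;
  int *released;
  PerObjfileData(bool f, int *r) : fixed(f), released(r) { g_live.insert(this); }
  ~PerObjfileData() {
    if (fixed) release();  // patched layout: resources are released in the destructor
    g_live.erase(this);
  }
  void release() { *released += static_cast<int>(units.size()); units.clear(); }
};

struct Result { int released; int stale_cleanups; };

Result teardown(bool fixed) {
  // Arena storage stands in for the owner's obstack (an assumption of the model).
  alignas(PerObjfileData) unsigned char arena[sizeof(PerObjfileData)];
  int released = 0, stale = 0;
  PerObjfileData *d = new (arena) PerObjfileData(fixed, &released);
  std::vector<std::pair<void *, std::function<void(void *)>>> registry;
  if (!fixed)  // old layout: a registry cleanup releases the resources later
    registry.emplace_back(d, [&stale](void *p) {
      if (!g_live.count(p)) { ++stale; return; }  // lifetime over: do not touch
      static_cast<PerObjfileData *>(p)->release();
    });
  d->~PerObjfileData();                        // 1: finish hook destroys the data
  for (auto &e : registry) e.second(e.first);  // 2: registry cleanups run afterwards
  return {released, stale};
}

int main() {
  Result before = teardown(false), after = teardown(true);
  std::printf("old: released=%d stale=%d\n", before.released, before.stale_cleanups);
  std::printf("new: released=%d stale=%d\n", after.released, after.stale_cleanups);
  return 0;
}
```

In the old layout the guard counts one cleanup that arrived after destruction and refuses to run it; in the patched layout the registry is empty and the destructor releases everything itself.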